ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like Infracore LLC are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to Infracore LLC at (858) 509-1970.



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Saturday, 24 February 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Tag Cloud

Tip of the Week Security Privacy Technology Best Practices Cloud Software Business computing Microsoft Google Windows 10 Backup Hackers Network Security Smartphones Malware Business Android Hardware Managed IT Services Alert Small Business Business Continuity Innovation Data Email Office Hosted Solutions Browser Disaster Recovery VoIP Ransomware Outsourced IT Business Management Internet Computers Computer Chrome Smartphone Productivity Telephone Systems Efficiency User Tips Law Enforcement Data Backup Cloud Computing Mobile Devices Cybercrime Virtualization How To Productivity Miscellaneous IT Services App Health Passwords Password Social Media Quick Tips Managed IT Services Money Cybersecurity Collaboration Windows Social Engineering Communications Work/Life Balance Office Tips Router Upgrade Data Breach Bring Your Own Device Office 365 Spam Private Cloud Google Drive HaaS Artificial Intelligence Data Recovery IT Support Communication Hacking Holiday Wi-Fi Windows 10 Facebook Two-factor Authentication Network Automation Phishing Saving Money IT Plan Battery Server Operating System End of Support Electronic Medical Records Word Unsupported Software Microsoft Office Comparison Vulnerability Legal Samsung Charger Keyboard Patch Management Government Value Gadgets Mobile Device Management Business Intelligence Scam Public Cloud Redundancy Marketing Computer Care Avoiding Downtime Data Security History Remote Computing Remote Monitoring Internet of Things Flexibility PDF CES Automobile Mobility Managed Service Provider Data Storage Data Management Worker OneNote Workplace Tips Employer-Employee Relationship Big Data IT Management Apps Spam Blocking Rootkit Tools Politics Infrastructure Instant Messaging Data storage Books HIPAA Multi-Factor Security Tip of the week Credit Cards Training Password Manager Downtime Trending webinar Human Resources Education Windows Server 2008 Fraud Windows 10s Internet exploMicrosoft Save Money Vendor Management Managed IT Business Mangement Root Cause Analysis Safety Conferencing Emergency Staff Software Tips Computing Infrastructure Windows 7 Amazon Advertising Save Time Wireless Botnet Gmail Bandwidth Specifications Emails Data Protection BYOD Applications Flash Amazon Web Services Solid State Drive Best Practice Cleaning Travel Experience Recycling Meetings Networking Users Techology Digital Signature Hiring/Firing Content Online Shopping Audit Mobile Device Loyalty Current Events Music eWaste Search Physical Security Virtual Reality Millennials IT solutions Files Transportation Hybrid Cloud Employer Employee Relationship Sync Audiobook Evernote Computer Fan Video Games SaaS Knowledge Wearable Technology Criminal Data loss How to Worker Commute Workforce IT Support Benefits Computer Accessories Apple Entertainment Wireless Charging The Internet of Things Network Congestion USB Screen Mirroring Black Market Google Docs HBO BDR Firewall Bluetooth iPhone Telephony Cortana FENG Scalability Assessment IT Consultant Recovery Troubleshooting Cast Website Relocation Outlook Telecommuting Settings User Error Smart Technology Skype Google Apps Television Leadership Monitor Update Content Management Voice over Internet Protocol Frequently Asked Questions Remote Work Two Factor Authentication Information Technology Start Menu Risk Management Workers Public Computer Blockchain Humor Excel Identity Theft Internet Exlporer CrashOverride Thank You Congratulations Webinar Encryption WiFi

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

Digital Hold The Case for Hosting Your Phone Solution In-House
24 February 2018
Informative Blog. Thanks a lot for the useful info.
Maria Albert Download the Wrong App and Have More Than Pokémon Fever Infect Your Device
26 September 2017
Occasionally I strive to not concentrate such these kinds of articles and neglect reading like these...
nathan dwyer Your Guide To Mobile Device Management as an SMB
07 September 2017
I come here after quite a while since 2016 and entire this term i have miss the chance to get inform...